Using Checkmarx One CLI Variables
Many CLI values can be provided explicitly as CLI parameters, or via configuration variables or environment variables.
Variables Hierarchy
The following precedence is used when there is a conflict between the different provided values:
CLI parameters always override configuration and environment variables.
Configuration variables override environment variables.
Environment variables.
Checkmarx One CLI Config and Environment Variables
The CLI tool provides the ability to permanently store CLI options in configuration files.
The configuration files are kept in the users home directory under a subdirectory named ($HOME/.checkmarx).
CLI Configuration Parameters
The following table contains all the values that can be stored in CLI configuration files:
Parameter | Description |
|---|---|
cx_apikey | An API Key to login to the Checkmarx One Server |
cx_base_uri | The URL of the Checkmarx One Server |
cx_base_auth_uri | The URL Of the Checkmarx One User Management Server |
cx_client_id | The client ID that is used for client authentication |
cx_client_secret | The client secret that is used for client authentication |
http_proxy | An optional proxy server configuration |
cx_tenant | The customer’s tenant name |
sca-resolver | The path to a correctly configured SCA resolver executable. |
Configuration Flags
The following flags are used with the configure set command.
Notice
The --prop-name and --prop-value flags must be used with each configure set command.
Name | Description |
|---|---|
---help, -h | help for the configure command |
--prop-name <string> | Name of property set |
--prop-value <string> | Value of property set |
Below are several examples for the CLI Configuration usage:
./cx configure set --prop-name cx_base_uri --prop-value "http://<AST-server>[:<port>]" ./cx configure set --prop-name cx_base_auth_uri --prop-value <AST User Management URI> ./cx configure set --prop-name cx_client_id --prop-value <Client ID> ./cx configure set --prop-name cx_client_secret --prop-value <Client Secret> ./cx configure set --prop-name http_proxy --prop-value <Proxy server> ./cx configure set --prop-name cx_apikey --prop-value <apikey> ./cx configure set --prop-name cx_tenant --prop-value <Tenant name>
Configuration Profiles
The --profile option (CLI parameter) provides a powerful tool to quickly switch between different sets of configurations.
The user can add a profile name to any CLI command and it utilizes the corresponding profile settings.
The following example sets up a profile named test and calls a CLI command to utilize it.
# Create the "test" profile ./cx configure set --prop-name cx_base_uri --prop-value "http://Checkmarx One-server" --profile test # Use the "test" profile to retrieve the scan list ./cx scan list --profile test # The below command uses the default profile (not the "test" profile) ./cx scan list
The configure command supports an interactive mode that prompts for the following settings:
Checkmarx One Base-URI
Checkmarx One Base Auth URI
Checkmarx One Tenant
Option to select API Key authentication or Client ID/Secret
Set one of the following:
API Key authentication
Checkmarx One Client ID / Checkmarx One Client Secret
For example:
[email protected]:/ast$ ./cx.exe configure Setup guide: https://checkmarx.atlassian.net/wiki/x/mIKctw Checkmarx One Base URI [https://ast.checkmarx.net/]: https://ast.checkmarx.net/ Checkmarx One Base Auth URI (IAM) [https://iam.checkmarx.net/]: https://iam.checkmarx.net/ Checkmarx One Tenant [mytenant]: mytenant Do you want to use API Key authentication? (Y/N): N Checkmarx One Client ID []: myclientId Client Secret []: myclientSecret
Notice
If the CLI has previously stored values to the above parameters, they will be presented when using the configure command.
To keep the existing values, press Enter.
Environment Variables
The CLI tool supports several Environment Variables.
The below table includes all the Environment Variables that can be configured using the CLI tool.
Note
The Environment Variables configuration is valid per shell session.
This means that if Environment Variables were configured, but the CLI/CMD windows are closed, the configured Environment Variables will not be saved.
To use them again, you will need to configure them once again in a new shell session.
Environment Variable | Description |
|---|---|
CX_CLIENT_ID | The client ID that is used for client authentication |
CX_CLIENT_SECRET | The client secret that is used for client authentication |
CX_APIKEY | The API Key to login to Checkmarx One with |
CX_BASE_URI | The URL of the Checkmarx One server |
CX_BASE_IAM_URI | The URL Of the Checkmarx One User Management Server. This is optional and only required when using a different instance then the Checkmarx One's built in one. |
HTTP_PROXY | Triggers the CLI to use a proxy server |
CX_TENANT | The tenant that is used for client authentication |
Setting Environment Variables
Linux/MAC
To set an Environment Variable on Linux/MAC operating systems, use the export command.
For example:
# Configure the CX_BASE_URI as an environment variable export CX_BASE_URI=https://<URL of the Checkmarx One server> # Configure the CX_APIKEY as an environment variable export CX_APIKEY=<APIKEY>
Windows
To set an Environment Variable on Windows operating systems, use the setx command.
For example:
# Configure the CX_BASE_URI as an environment variable setx CX_BASE_URI https://<URL of the Checkmarx One server> # Configure the CX_TOKEN as an environment variable setx CX_APIKEY <APIKEY>